kubernetes安装calico

calico官网

环境：centos7.9，calico 3.23，kuberadm 1.26

问题1：执行kubectl create -f calico.yml后报错如下

error: resource mapping not found for name: “tigera-operator” namespace: “” from “tigera-operator.yaml”: no matches for kind “PodSecurityPolicy” in version “policy/v1beta1”
ensure CRDs are installed first

网上反馈是bug，

解决：更换calico版本为3.24

环境：centos7.9，calico 3.24，kuberadm 1.26

问题2：

calico/node is not ready: BIRD is not ready: Error querying BIRD: unable to connect to BIRDv4 socket: dial unix /var/run/calico/bird.ctl: connect: connection refused

排查：进入pod内部

kubectl exec -it calico-node-6s8s4 -n calico-system -- /bin/bash
cat /etc/calico/confd/config/bird.cfg

可以看出，识别的是其他网卡的IP，而不是网卡enth0的

解决：删除这个网卡（删除前注意该网卡是否有用）

ip link delete br-2df6e6895fc8

然后删除运行异常的pod，而且多出 几个pod ,至此问题解决

测试coredns是否可以解析域名

dig -t a www.baidu.com @10.96.0.10

发现可以正常解析域名

问题3：

在命令行执行任何kubectl命令都会出现如下报错

E0530 22:18:17.321418 5318 memcache.go:255] couldn’t get resource list for projectcalico.org/v3: the server is currently unable to handle the request
E0530 22:18:17.322311 5318 memcache.go:106] couldn’t get resource list for projectcalico.org/v3: the server is currently unable to handle the request
E0530 22:18:17.325241 5318 memcache.go:106] couldn’t get resource list for projectcalico.org/v3: the server is currently unable to handle the request
E0530 22:18:17.329924 5318 memcache.go:106] couldn’t get resource list for projectcalico.org/v3: the server is currently unable to handle the request

解决方案：

[root@master ~]# kubectl get apiserver
E0530 22:16:50.712046    4300 memcache.go:255] couldn't get resource list for pr                                                                                                                              ojectcalico.org/v3: the server is currently unable to handle the request
E0530 22:16:50.718055    4300 memcache.go:106] couldn't get resource list for pr                                                                                                                              ojectcalico.org/v3: the server is currently unable to handle the request
E0530 22:16:50.720366    4300 memcache.go:106] couldn't get resource list for pr                                                                                                                              ojectcalico.org/v3: the server is currently unable to handle the request
E0530 22:16:50.721964    4300 memcache.go:106] couldn't get resource list for pr                                                                                                                              ojectcalico.org/v3: the server is currently unable to handle the request
NAME      AGE
default   8h

删除该默认的apiserver

[root@master ~]#    kubectl delete apiserver default
E0530 22:18:48.353108    5663 memcache.go:255] couldn't get resource list for pr                                                                                                                              ojectcalico.org/v3: the server is currently unable to handle the request
E0530 22:18:48.355883    5663 memcache.go:106] couldn't get resource list for pr                                                                                                                              ojectcalico.org/v3: the server is currently unable to handle the request
E0530 22:18:48.358348    5663 memcache.go:106] couldn't get resource list for pr                                                                                                                              ojectcalico.org/v3: the server is currently unable to handle the request
E0530 22:18:48.360748    5663 memcache.go:106] couldn't get resource list for pr                                                                                                                              ojectcalico.org/v3: the server is currently unable to handle the request
apiserver.operator.tigera.io "default" deleted

报错没有了，目前服务正常